---
name: <%= director_name %>
uuid: deadbeef
runtime:
  ip: 127.1.127.1
  instance: some-name/some-id

port: <%= director_ruby_port %>

mbus: "nats://localhost:<%= nats_port %>"

logging:
  level: DEBUG

dir: <%= sandbox_root %>/boshdir

scheduled_jobs:
  - command: SnapshotDeployments
    schedule: '*/10 * * * * *'
  - command: ScheduledOrphanedVMCleanup
    schedule: '*/10 * * * * *'

db: &bosh_db
  adapter: <%= database.adapter %>
  database: <%= database.db_name %>
  host: 127.0.0.1
  port: <%= database.port %>
  user: <%= database.username %>
  password: <%= database.password %>
  tls:
    enabled: true
    cert:
      ca: <%= database_ca_path %>
      certificate: "/not-used/path/in/integration/tests"
      private_key: "/not-used/path/in/integration/tests"
    bosh_internal:
      ca_provided: true
      mutual_tls_enabled: false
  connection_options:
    max_connections: 32
    pool_timeout: 10

<% if dns_enabled %>
dns:
  db: *bosh_db
<% end %>

trusted_certs: <%= trusted_certs %>


networks:
  enable_cpi_management: <%= networks['enable_cpi_management'] %>

local_dns:
  enabled: <%= local_dns['enabled'] %>
  include_index: <%= local_dns['include_index'] %>
  use_dns_addresses: <%= local_dns['use_dns_addresses'] %>

verify_multidigest_path: <%= verify_multidigest_path %>

version: '0.0.0'

blobstore: &director_blobstore
  provider: local
  options:
    blobstore_path: <%= blobstore_storage_dir %>
    secret: 56aa5b1144e2ac784b30f156d24a873c

scan_and_fix:
  auto_fix_stateful_nodes: <%= director_fix_stateful_nodes || false %>

snapshots:
  enabled: true

flush_arp: true

cloud:
  provider:
    name: <%= external_cpi_config[:name] %>
    path: <%= external_cpi_config[:job_path] %>
  properties:
    dir: <%= cloud_storage_dir %>
    agent:
      blobstore:
        <<: *director_blobstore

user_management:
  provider: <%= user_authentication %>
  <% if user_authentication == 'uaa' %>
  uaa:
    symmetric_key: uaa-secret-key
    # public key of `uaa.jwt.policy.keys.key1.signingKey` from src/spec/assets/uaa_config/asymmetric/uaa.yml
    # To Generate:
    # openssl rsa -pubout -in <(yq .uaa.jwt.policy.keys.key1.signingKey src/spec/assets/uaa_config/asymmetric/uaa.yml)
    public_key: |
      -----BEGIN PUBLIC KEY-----
      MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA06hlEn4/NMWtnele3C5j
      PZm3P55/9jppIQXF/BP0OGaAMoRNZEafv6nH1b8btc4zs0dx52Y7xmOpeRqnXDeD
      3E2uTW0tgjsLQU8BbjlXRrKkzvUiYZqkaCkCMxcX5OcBvhT4Km+/1u4AGuFq9sS2
      Pdv+IAWEOsYbJjPl3lZn2uiQCCX5P5z5JkGbQ/7mBSi/ja1SogP1MBzRLf6VyHpE
      q7zvVnfm+oBsvPu2RC0EM14kL/TktQwyAvpL4TWunhE7gAh4j0fMNgmBfW9NG328
      E2+i+1ag+WyFzSy0rJQHgV0ImEtjhmj0E0C1ysI4Fpy5gew0ZrtsFwnXcKV39xMS
      EG3JLzV3h+QZ4BS9nBi/G8lLF3bWO/B0WTuYDWdkLm1ng3K/Oz0KhVkVG5Igu9FD
      k6EkD62SsMYUMl++3/EMrtNxxvJQDSOOf59/o3BQplbl6qOG6Mpji3ZggxyRYgRS
      iC7PPqJAKYrP3zCzeXyQEMMYxuOcmRR3W6aY341v+9Hs4w+zNJZ2DnB+r6Jaqhpi
      sSiu1yzT0nzkesdv47UNLaTkt0fFMbnvkUSvtz3ZRK5MqVAgjBMULqobz5ASPPe0
      RBg7V6023PHtyNxsJpxsobRG2aril4+7OOspiWSHIuoV1vm1IDs2utHak0GHY0Nc
      MBYj/GcsUXZhHBDbjHk07IsCAwEAAQ==
      -----END PUBLIC KEY-----
    url: <%= uaa_url %>
  <% else %>
  local:
    <% if users_in_manifest %>
    users:
    - {name: test, password: test}
    - {name: hm, password: pass}
    <% end %>
  <% end %>

enable_nats_delivered_templates: <%= enable_nats_delivered_templates %>
enable_short_lived_nats_bootstrap_credentials: <%= enable_short_lived_nats_bootstrap_credentials %>
enable_short_lived_nats_bootstrap_credentials_compilation_vms: <%= enable_short_lived_nats_bootstrap_credentials_compilation_vms %>
enable_cpi_resize_disk: <%= enable_cpi_resize_disk %>
enable_cpi_update_disk: <%= enable_cpi_update_disk %>
default_update_vm_strategy: <%= default_update_vm_strategy %>
cpi:
  max_supported_api_version: 2
  preferred_api_version: <%= preferred_cpi_api_version %>

config_server:
  enabled: <%= config_server_enabled ? 'true' : 'false' %>
<% if config_server_enabled %>
  url: <%= config_server_url %>
  ca_cert: |
    -----BEGIN CERTIFICATE-----
    MIICsjCCAhugAwIBAgIJAJkwSGGr4Q23MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
    BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
    aWRnaXRzIFB0eSBMdGQwIBcNMTYwNzA2MTM1ODU0WhgPMjI5MDA0MjAxMzU4NTRa
    MEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJ
    bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
    AoGBAL86uN6N3vQnSeUpwvAUM6fiID4EF6sN3hFEqlDZ8o454U4tI1O8/QDNK2Cu
    aLF1qNMhotLxuD4R9aEgylsFoIJOMuauB76i5wTgi/Ejk8sVvqXCR0Kco26kduaC
    otumlg3ubuSmUXMrllJxXBG3Ztb4pBAB3vTwWMvHcVckCshFAgMBAAGjgacwgaQw
    HQYDVR0OBBYEFFJfxRKZxmLYlVzL/62aePFB8BxfMHUGA1UdIwRuMGyAFFJfxRKZ
    xmLYlVzL/62aePFB8BxfoUmkRzBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29t
    ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkggkAmTBI
    YavhDbcwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCriKDu5YZUWdk8
    wO2o83o8Dk4nRAmJ48lD5MJVgght89dbo6zKXmtjf33wxl5iJOTthM1cYna/85NE
    5GuNSO9+i3E2Bb+uv9LXIDtm/SwPmqzcdoIyIa+DgyqI1RCnV6MiBhAtPZ5VVzwH
    jN+3WBwg0RucmyXbMrStizDrwWPccw==
    -----END CERTIFICATE-----
  ca_cert_path: <%= config_server_cert_path %>

  uaa:
    url: <%= config_server_uaa_url %>
    client_id: <%= config_server_uaa_client_id %>
    client_secret: <%= config_server_uaa_client_secret %>
    ca_cert_path: <%= config_server_uaa_ca_cert_path %>
<% end %>

generate_vm_passwords: <%= generate_vm_passwords %>

remove_dev_tools: <%= remove_dev_tools %>

record_events: true

log_access_events: true

director_ips: <%= director_ips %>

director_certificate_expiry_json_path: <%= director_certificate_expiry_json_path %>

nats:
  server_ca_path: <%= nats_server_ca_path %>
  client_certificate_path: <%= nats_director_tls['certificate_path'] %>
  client_private_key_path: <%= nats_director_tls['private_key_path'] %>
  client_ca_certificate_path: <%= nats_client_ca_certificate_path %>
  client_ca_private_key_path: <%= nats_client_ca_private_key_path %>

agent:
  agent_wait_timeout: <%= agent_wait_timeout %>
  env:
    bosh:
      dummy_agent_key_merged: "This key must be sent to agent"

audit_log_path: <%= audit_log_path %>
keep_unreachable_vms: <%= keep_unreachable_vms %>
